PopnupBlog index.php multiple variables Cross-Site Scripting [XOOPS.org Members Lounge]

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

PopnupBlog index.php multiple variables Cross-Site Scripting

2008/8/28 13:14
hazman
Just popping in
Posts: 1
Since: 2005/7/29

You don't seem to have a security forum so I don't know where to post this. Feel free to move the post.

PopnupBlog index.php multiple variables Cross-Site Scripting

PopnupBlog contains a flaw that allows a remote cross site scripting attack.This flaw exists because
the application does not validate 'param' , 'cat_id' and 'view' variables upon submission to 'index.php' script.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within
the trust relationship between the browser and the server, leading loss ofintegrity.

More...

Login

Username

Password

Remember me

Search

Advanced Search

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Aug 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}

PopnupBlog index.php multiple variables Cross-Site Scripting

Login

Search

Recent Posts

activate block by default

Re: wgFilemanager released for testing and contribution

wgFilemanager released for testing and contribution

Re: XOOPS 2.5.12 Beta-2 available for Testing

Re: XOOPS 2.5.12 Beta-2 available for Testing

Re: XOOPS 2.5.12 Beta-2 available for Testing

Re: XOOPS 2.5.12 Beta-2 available for Testing

Re: XOOPS 2.5.12 Beta-2 available for Testing

XOOPS 2.5.12 Beta-2 available for Testing

PHP 8.4.0 Alpha 1 released

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}